Contents

Info

These are the steps for setting up a fully functional AMPR gateway on Ubiquiti's EdgeRouter Light and EdgeRouter-X. Tested and found working on firmware versions 1.10.8, 1.10.9, 2.0.0 and 2.0.1.

NOTE: THE SETUP SCRIPT DOES NOT SECURE YOUR ROUTER. YOU NEED TO SET UP FIREWALL RULES YOURSELF.

We start assuming you have a complete working and configured router, that already has internet access (a configured WAN port and a local LAN).

For technical reasons, this set-up does not support dynamic assigned WAN addresses. If you have a dynamic IP, this setup can only be used in the primary router's DMZ.

Some technical details:

We will use an IPIP tunnel interface called 'tun44' connected to your external interface (with a fixed public IP or an interface in a DMZ). All ampr routes will be created in routing table 44. Routing table 45 will be used for routing requests from the public internet back via the ampr-gw.

On a firmware update, you need to reinstall ampr-ripd, since the file system gets replaced. The tunnel setup and the status wizard will stay.

Tunnel Setup

First add tunnel interface. You need to reserve an AMPR address from your AMPR subnet for the tunnel interface.
If you have a /32 assignment, you need to use that one, else pick an unused address.

Use the name 'tun44' for the tunnel, don't get creative since the script depends on this name.

d. edit the startup script to fit your needs. This is only needed if your router is behind NAT or you need to reject specific subnets. Edit only the -a options like below, don't touch the rest. If you want to have your position shown on the ampr map, also add the -L option using your callsign and your QTH locator ( -L your-call@AA00aa ).

NOTE: THE SETUP SCRIPT DOES NOT SECURE YOUR ROUTER. YOU NEED TO SET UP FIREWALL RULES YOURSELF.

Adding a Local AMPR subnet

To use a local AMPR subnet, just assign the router's AMPR IP with the proper subnet mask to a local network interface, using the regular EdgeRouter management interface. Remember to also set up the proper firewall rules to allow or disallow access to your hosts.